CONTROLLING USE OF A NETWORK RESOURCE

FIELD OF THE INVENTION 

The present invention relates to computer systems and software. The invention relates 
more specifically to computer systems and software for controlling use of a network
resource, for example, controlling navigation of a client through a networked computer 
system. 

BACKGROUND OF THE INVENTION 

Networked computer systems are in wide use. As use of networked computer systems
has expanded, a need has developed to control or regulate access to the networks and servers,
end stations, or other resources that are coupled to the networks. This problem is particularly 
acute in the context of institutional use of the global, packet-switched network known as the 
Internet. While a vast amount of information and executable applications are available online 
by accessing Internet servers using standard clients and browsers, institutions such as
corporations, educational institutions, and government agencies now are seeking greater
control over the nature and scope of use of the Internet and its resources by their employees 
and other users. 

Increasingly, institutions desire to permit their employees and other users to access 
and use only certain servers. Further, these institutions need to permit their employees and 
other users to use or navigate through the "allowed" servers only in specific ways. In
particular, an enterprise may wish to enforce a particular identity or profile for a particular 
Web site or other network resource. These needs are not adequately addressed by known 
technology and approaches. 

For example, a corporation may wish to require its purchasing agents to use only 
specific Web servers or other online resources to make purchases on behalf of the company.
Also, the corporation may wish to require each user of a particular Web server to navigate 
the server using a particular series of hyperlinks, commands, or other actions. As a specific
example, the institution may wish to require its purchasing agents to use a particular kind of 
security, a specific authentication method, only a particular corporate credit card account, etc. 
Thus, the institution may wish to require its employees to use an Internet resource only in a 
pre-defined, rationalized manner.

Conventional network access control mechanisms rely on control of user names and 
passwords to govern access, authentication and authorization of users and clients to servers 
and other resources. However, management of user names and passwords becomes 
complicated as the number of servers and passwords grows larger. 

In response, certain password management mechanisms have become available. For
example, World Wide Web browser programs, such as Netscape Communicator and 
Microsoft Internet Explorer, can save passwords in a static table that is stored on the client 
computer. The table is indexed by the Uniform Resource Locator (URL) of each server, site, 
application or resource that the client accesses using the Internet. Each time the client or user
accesses an Internet resource that requests a password, the browser checks its password table
to determine whether it has a password associated with the URL of the resource. A 
disadvantage of this mechanism is that the passwords are stored only on one particular client 
machine. This is inconvenient, because a user must use the same computer to access a 
particular site using a saved password. If the user connects to the Web using a different
computer, the password table is unavailable and the user is required to re-enter his or her
password. 

Another similar mechanism is the World Wide Web service "mypassword.net." This
service and others provide a digital keychain service. Using this service, an individual or 
client may create password information and store it in association with a URL that identifies 
an Internet resource with which the password information is used. A disadvantage of this
mechanism is that each employee of an institution must separately register with the service 
and store the password information. Different employees will have different passwords,
reducing employer control. 

A drawback of both these mechanisms is that they are effective only in facilitating 
access to a particular resource, or pages or applications within the resource; they cannot be 
used to control a path of navigation within the resource. In the specific context of corporate
purchasing, price comparison sites on the Internet provide a way to obtain useful purchase 
information. However, such sites are not specific to a particular institution, and do not 
address all purchasing criteria that are important or relevant to the enterprise. Further, such 
sites do not support a rationalized or scripted method of access. 

Based on the foregoing, there is a clear need in this field for improved methods and
mechanisms of controlling access to and use of network resources. 

There is a particular need for a mechanism of enforcing a pre-defined, rationalized 
method of use of a network resource, such as an Internet Web site or application program. 

There is also a need for a way to enforce a pre-defined navigation path through a 
network resource in order to maintain control over how the network resource is used and
what kind of transactions are carried out using the resource. 

Other needs will become apparent from the following description. 

SUMMARY OF THE INVENTION

These needs, and other needs that will become apparent from the following 
description, are fulfilled by the present invention, which comprises, in one embodiment, a 
method of controlling use of a network resource. The network resource is accessed and 
navigated. Request and response messages that are generated during the navigating are
detected. An access and navigation script is created and stored, based on the request and 
response messages. The access and navigation script is modified to result in creating and 
storing a generalized script that can accept context specific request and response information 
when used in an actual user navigation of the network resource. 

In one embodiment, a method and apparatus for controlling use of a network resource
is disclosed. A network administrator accesses and navigates one or more network resources. 
A navigation capture server captures each request that is generated by the administrator's 
browser and each response that is received, and stores information about the requests and 
responses. The navigation capture server analyzes the captured information and generates an
access/navigation script that represents the navigation actions taken by the administrator in
the session. The script is edited and generalized in a manner such that upon playback of the 
script, the user may input actual useful information and the system may capture specific 
response data. 

When the client accesses and navigates the Web applications, context-specific 
information, relating to the client's then-current request, is passed from the User View Server
to the navigation capture server. The navigation capture server merges the context-specific 
information into a corresponding request of the access/navigation script, and communicates a 
modified, context-specific request to the network resource. When the network resource 
generates a response, the message and any associated data are returned to the client through 
the navigation capture server and User View Server in a reciprocal manner. Thus, each user
experiences a Web site with a uniform user interface or in a controlled way. 

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example, and not by way of limitation, 
in the figures of the accompanying drawings and in which like reference numerals refer to 
similar elements and in which: 

FIG. 1 is a block diagram of a network system of the prior art.

FIG. 2 is a block diagram of a system for creating and storing a navigation path for a 
network resource. 

FIG. 3 is a block diagram of a system for controlling access and use of a client of a 
network resource. 

FIG. 4A is a flow diagram of a method of creating and storing a navigation path for a
network resource. 

FIG. 4B is a flow diagram of further steps in a method of creating and storing a 
navigation path for a network resource. 

FIG. 4C is a flow diagram of further steps in a method of creating and storing a 
navigation path for a network resource.

FIG. 5A is a flow diagram of a method of controlling access and use of a client of a
network resource. 

FIG. 5B is a flow diagram of further steps in a method of controlling access and use 
of a client of a network resource. 

FIG. 6 is a block diagram of a computer system with which aspects of the invention
may be implemented. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

A method and apparatus for controlling use of a network resource is described. In the 
following description, for the purposes of explanation, numerous specific details are set forth 
in order to provide a thorough understanding of the present invention. It will be apparent, 
however, to one skilled in the art that the present invention may be practiced without these
specific details. In other instances, well-known structures and devices are shown in block 
diagram form in order to avoid unnecessarily obscuring the present invention. 

OPERATIONAL CONTEXT: A NETWORK SYSTEM

FIG. 1 is a block diagram of a network system of the prior art. Client 100 is coupled
to network 104, which is logically coupled to content server 108 and optionally to proxy
server 110. Client 100 is a network end station such as a workstation, personal computer,
personal digital assistant, etc. Client 100 executes browser 102, which is a program that can 
connect to, request and receive information from ("browse") network resources. 

Network 104 is one or more communication links between the elements that are 
coupled to network 104, and supporting hardware or software such as routers, switches,
gateways, etc. Network 104 may comprise a local area network, wide area network, Intranet, 
or the global, packet-switched internetworks known as the Internet. 

A content server 108 and, optionally, a proxy server 110 are coupled to network 104
logically separate from client 100. Content server 108 is an example of a network resource 
and comprises one or more computers that store and serve content, such as application
programs, data, images, etc., to clients upon request. Proxy server 110 acts as an intermediary
or buffer between content server 108 and requests from clients. For example, proxy server 
110 may be configured to intercept content requests directed to content server 108 and 
interact with the requesting client in some way on behalf of the content server. Alternatively, 
proxy server 110 may modify the request or respond to the request itself if it has the
information of content server 108 that the client is requesting. 

In this configuration, client 100 can connect to content server 108 and obtain one or 
more resources. However, a disadvantage of this arrangement is that an enterprise of which 
client 100 is a part has no control over the way that the client uses the content server.

SYSTEM FOR CONTROLLING USE OF A NETWORK RESOURCE

FIG. 2 is a block diagram of one embodiment of a system 2 for controlling use of a
network resource. 

An administrative client 202, a navigation capture server 204, and network resource 
210 are logically coupled to network 104. Administrative client 202 is a network end station
such as a workstation, personal computer, personal digital assistant, etc., that is associated 
with an administrative user of system 2. For example, the administrative user is a network 
supervisor, network administrator, information services manager, or some other individual 
with responsibility for controlling use of network resource 210. Administrative client 202 
executes a browser and can connect to, request and receive information from navigation
capture server 204 and network resource 210. 

Navigation capture server 204 is one or more computer hardware or software 
elements that are configured to create and store ("capture") information that identifies request 
messages and response messages communicated between administrative client 202 and 
network resource 210 during a navigation session. For example, navigation capture server
204 may include a capture process for recording information about Administrator interaction 
with network resource 210, and a separate playback processor for playing back a script 
developed from that interaction. Use of navigation capture server 204 in these modes is 
described further below. 

A database 206 is coupled to navigation capture server 204 for storing the
information that identifies request messages and response messages communicated between 
administrative client 202 and network resource 210 during a navigation session. 

Link 203 indicates that administrative client 202 can communicate with navigation 
capture server 204 and obtain information from database 206 effectively directly, although
such communications may actually travel through network 104 or over a local area network 
that does not include network 104. 

Network resource 210 is one or more computer hardware or software elements that 
contain programs or data useful to a client. For example, network resource 210 may be 
associated with one or more application programs 212 and one or more sets of data 214.
Programs 212 may provide services such as electronic commerce applications or any other 
useful functionality. Data 214 may comprise images, business data, etc. In one embodiment, 
network resource 210 is a World Wide Web site. The specific configuration of network 
resource 210 is not critical. What is important is that network resource 210 contains 
programs or data that are accessible by and useful to a client through network 104.

FIG. 3 is a block diagram of a system 300 for controlling access and use of a client of 
a network resource. 

Generally, FIG. 3 includes the elements of FIG. 2. Additionally, a user view server 
208 is logically coupled to navigation capture server 204 and to database 206. User view 
server 208 communicates with navigation capture server 204 using Common Gateway
Interface (CGI) scripts or commands. One or more clients 202A, 202B, 202N, etc. are 
coupled to network 104. 

In this configuration, a Rationalized Access and Navigation Proxy ("Navigation 
Proxy") system is provided. Using the navigation capture server 204, an institutional network 
Administrator accesses and navigates one or more Web sites or other network resources 210.
In one embodiment, network 104 is a network that supports the Hypertext Transfer Protocol 
(HTTP). As the Administrator accesses network resource 210, navigation capture server 204
captures each HTTP Request that is generated by the Administrator's browser and each 
HTTP Response that is received, and stores information about the Requests and Responses in 
database 206. 

The navigation capture server 204 may record HTTP requests, including static URLs
and requests containing query strings. The information may include complete HTML pages 
or any other information that is communicated between a client and server. 

The navigation capture server 204 then analyzes the captured information and 
generates an access/navigation script 216. The access/navigation script represents navigation
actions taken by the Administrator in a session with network resource 210. The
access/navigation script 216 may be stored in database 206. The access/navigation script 216 
generally comprises one or more HTTP requests. Each HTTP request may include, either 
statically or by a reference to a stored file or database record, complete HTML pages that 
have been parsed and modified to include references to variables that can take on different
values at runtime depending on the user context, tags that identify locations to insert
context-dependent values, tags that identify locations to substitute values obtained from user input,
etc. The script may also include conditional logic that links the HTTP requests. 

The Administrator accesses the navigation capture server 204 using the 
Administrator's browser and uses it to edit and generalize the access/navigation script 216. 

The access/navigation script 216 is generalized in a manner such that upon playback of the
script by a client or other end user, in the exemplary manner described below, the user may 
input actual useful information and the system may capture specific response data. 

The Administrator may also use the navigation capture server 204 to create one or 
more internal Web applications that are bound to the access/navigation script 216. For
example, the Administrator creates a home page of the system that the Administrator
administrates, and creates a link in the home page to the access/navigation script. Further, the
Administrator configures the User View Server 208 to enable a client or user to access the 
internal Web applications. This may involve associating a particular script 216 with the User 
View Server 208 and a particular network resource 210. 

In order to access network resource 210, a user or its client requests a connection to 
the network resource. The request may be carried out by selecting a hyperlink of a Web page
that is presented to the client by an access control server or other starting point. Each 
hyperlink is associated with a CGI script of the User View Server 208, and each CGI script 
contains one or more calls to a particular access/navigation script 216 that is managed by 
navigation capture server 204. 

The User View Server 208, acting as proxy, permits access only to network resources
that the Administrator has designated as "allowed," and permits access to those resources, 
such as network resource 210, only under the control of access/navigation script 216. For 
example, when the user requests a connection to a network resource 210 that has an
associated access/navigation script 216, User View Server requests navigation capture server
204 to retrieve and launch the script. As a result, the user is logged in to the network resource
210 only in the manner previously specified in the script by the Administrator. All user 
connections reach only the User View Server as proxy for the network resource 210. 

Further, when the client accesses and navigates the internal Web applications, 
contemporaneous and context-specific information, relating to the client's then-current or
specific request, is passed from the User View Server 208 to the navigation capture server
204. User View Server 208 may communicate with navigation capture server 204, for 
example, using a servlet or a CGI call that presents data from the client to the navigation 
capture server 204 and requests the navigation capture server 204 to play back a designated
script using the client information as input. Navigation capture server 204 retrieves the script
from a database or memory, launches the script, substitutes the input information into the
script at predefined locations, and creates a contemporaneous or context-specific HTTP 
response based on the script or substitutions. In one embodiment, navigation capture server
204 merges the context-specific information into a corresponding request of the 
access/navigation script 216, and communicates a modified, context-specific request to the 
network resource 210 over network 104. Navigation capture server 204 then communicates 
the modified, context-specific request to network resource 210 for action.

For example, assume that the network resource 210 is an e-commerce site and 
includes an order entry page that is filled out and submitted by a client to order one or more 
products. The user fills in fields of the form and submits the form. The access/navigation 
script 216 intercepts requests in the session. The script contains predefined information for
filling in fields of the order entry page, as specified by the Administrator. The script fills in
fields of the form with the predefined information, which may cause entries of the user to be 
overwritten with predefined information, and sends the completed form to the network 
resource 210. In this way, the script enforces navigation policies of the Administrator. 

At script playback time during a user session, the navigation capture server 204
appears to network resource 210 as a browser. Accordingly, navigation capture server 204
implements all necessary browser functions so that it can resolve URLs into IP addresses, 
identify links and follow them as needed, etc., as if it were a browser. This functionality 
ensures that script playback results in navigation of network resource 210 in a manner 
equivalent to browser navigation, but in a manner controlled by the script and that includes
requests with context-specific information.

When network resource 210 generates a response, the response message and any 
associated data are returned to the client through the navigation capture server 204 and User 
View Server 208. Alternatively, the response message or its associated data are captured by 
the navigation capture server as specified by the access/navigation script 216. 

Thus, a practical system involves creating one or more application programs that are
associated with the generalized script, and delivering services or information from the 
network resource through a user view server that is configured to execute the application
programs under control of the generalized script and as a proxy for the network resource. 
User View Server 208 provides a client or other user with a rationalized view of network 
resource 210 that is controlled and organized according to the generalized script. Further, the 
user or client can navigate the network resource only as set forth in the generalized script. As
a result, the user's access to and use of the network resource 210 are controlled in a pre- 
determined way, based upon the administrator's prior navigation of the network resource in 
an authorized or desired manner. 

A system having the foregoing configuration may be used with several applications or
in several useful contexts. For example, an internal Web application can be set up to provide
a single sign-on function for a second Web application for a group of users. The 
access/navigation script 216 would retain and play back the access information for the 
second Web application. The first internal Web Application would link the user through to 
the second Web application using the access/navigation script 216. 

Different scripts appropriate for users having different roles, or for users who are
organized in different departments, may be configured. 

As another example, several Web applications can share a single Rationalized 
Internal Web Application. The inputs from a single Internal Web Application can be merged 
into the request and response playback of several different access/navigation scripts 216. The
specific response data from the different Web applications can be formatted to fit the form of
the single Internal Web Application by the corresponding access/navigation scripts 216. 

Navigation capture server 204 and User View Server 208 may be co-located, and may 
be implemented as separate processes executed by the same server or computer, or as one 
integrated process executed by one or more servers or computers. Further, navigation capture
server 204 and User View Server 208 may share instructions and data or may be associated
with a storage unit that has program instructions and data for both elements. 

In an alternative embodiment, user access to User View Server 208 is controlled by
an access control server of the type described in co-pending U.S. patent application serial 
number 09/248,764, filed February 12, 1999, entitled Role-Based Navigation of Information 
Resources. In another alternative, user access to User View Server 208 is controlled by an 
access control server such as getAccess™, commercially available from enCommerce, Inc.,
of Santa Clara, California. 

METHOD OF CREATING AND STORING A NAVIGATION PATH

FIG. 4A is a flow diagram of a method of creating and storing a navigation path for a
network resource. 

In block 402, a network resource is accessed and navigated. For example, a client
computer, associated with an administrator or some other user, uses a browser to connect to a 
particular network resource, such as a Web site. In block 404, request messages and response 
messages that are generated during navigation are detected. For example, a software element 
associated with the browser or with a separate server may detect each request and response
communicated from or to the browser.

In block 406, request and response information is created and stored. For example, 
meta-information that identifies or represents the requests and responses is stored in a 
database that is associated with the client, browser, or separate server. In this manner, 
requests by the browser and responses of the network resource to the browser are captured
and stored for later use and analysis. Processing concludes at block 408, which may involve
terminating a process or passing control to another process for further process steps. 

FIG. 4B is a flow diagram of further steps in a method of creating and storing a 
navigation path for a network resource. 

In block 410, the request and response meta-information that was stored in block 406
is retrieved and analyzed, and in block 412 an access and navigation script is created and
stored based on the request and response meta-information. For example, in one 
embodiment, navigation capture server 204 analyzes the captured meta-information and
generates an access/navigation script 216. The access/navigation script represents navigation 
actions taken by the Administrator in a session with the network resource. The 
access/navigation script 216 may be stored in database 206. 

FIG. 4C is a flow diagram of further steps in a method of creating and storing a
navigation path for a network resource. 

In block 414, the access and navigation script that was created and stored in block 
412 is retrieved and analyzed. In block 416, the access and navigation script is modified to 
result in creating and storing a generalized script that can accept context specific request and 
response information when it is used in an actual user navigation of a network resource. For
example, in one embodiment, an Administrator accesses the navigation capture server 204 
using the Administrator's browser and uses it to edit and generalize the access/navigation 
script 216. 

In block 418, one or more applications that are associated with the generalized script 
are created. For example, a user may use the navigation capture server 204 to create one or
more internal Web applications that are bound to the access/navigation script 216. In block 
420, a user view server is configured to run the applications that are created in block 418, and 
to use the generalized access and navigation script. For example, in one embodiment, an 
Administrator configures User View Server 208 to enable a client to access internal Web 
applications.

METHOD OF CONTROLLING ACCESS AND USE OF A CLIENT

FIG. 5A is a flow diagram of a method of controlling access and use of a client of a
network resource. 

In block 502, a user connection to a user view server is received. For example, a 
client such as client 212A, 212B, 212N requests a connection to network resource 210. User
View Server 208, acting as proxy for network resource 210, intercepts and accepts the client
connection. In block 504, a user request for a function of a network resource is received. For 
example, one of the clients 212A, 212B, 212N requests a Web page that is the opening page 
of a particular Web application offered by network resource 210, e.g., a catalog page of an 
electronic commerce Web site.

In block 506, the generalized navigation script is accessed, and a request template 
corresponding to the user's request is obtained. For example, when the client accesses and 
navigates the internal Web applications, contemporaneous and context-specific information, 
relating to the client's then-current or specific request, is passed from the User View Server 
208 to the navigation capture server 204. In block 508, contemporaneous user request
information is merged into the request template, thereby creating a context-specific request. 
For example, the navigation capture server 204 merges the context-specific information into 
a corresponding request of the access/navigation script 216. In block 510, a context-specific 
request is sent to the network resource. For example, navigation capture server 204 
communicates a modified, context-specific request to the network resource 210.
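
The following is an added example, not code from this specification: a Python sketch of script playback covering the order-entry case described earlier and blocks 506 to 510 (obtain the request template, merge contemporaneous user input, emit a context-specific request). The script format, class and field names, step names, and the host supplier.example are assumptions constructed for illustration.

```python
"""Added example: playback of a generalized access/navigation script.
All names, fields and the host below are hypothetical, constructed for illustration."""
from dataclasses import dataclass, field
from urllib.parse import urlencode, urlsplit

ALLOWED_HOSTS = {"supplier.example"}  # resources the Administrator designated "allowed"


class NavigationError(Exception):
    """Raised when a request falls outside the scripted navigation path."""


@dataclass(frozen=True)
class RequestTemplate:
    method: str
    url: str                                   # static URL captured in the admin session
    fixed: dict = field(default_factory=dict)  # Administrator-predefined values, always win
    user_fields: tuple = ()                    # locations that accept user input
    context_fields: tuple = ()                 # locations filled from session context
    next_steps: tuple = ()                     # steps the script permits after this one


SCRIPT = {
    "login": RequestTemplate("POST", "https://supplier.example/login",
                             fixed={"account": "corp-purchasing"},
                             context_fields=("department",),
                             next_steps=("catalog",)),
    "catalog": RequestTemplate("GET", "https://supplier.example/catalog",
                               user_fields=("query",),
                               next_steps=("catalog", "order")),
    "order": RequestTemplate("POST", "https://supplier.example/order",
                             fixed={"payment": "corporate-card", "ship_to": "HQ"},
                             user_fields=("sku", "quantity"),
                             next_steps=("catalog",)),
}


class Playback:
    """One user session's position in the script (navigation capture server role)."""

    def __init__(self, script, context, start="login"):
        self.script = script
        self.context = context
        self.allowed = (start,)
        self.overridden = []  # (step, field) pairs where user input was replaced

    def merge(self, step, user_input):
        """Fetch the template, merge input, return (method, url, body)."""
        if step not in self.allowed or step not in self.script:
            raise NavigationError(f"step {step!r} is not permitted here")
        tpl = self.script[step]
        if urlsplit(tpl.url).hostname not in ALLOWED_HOSTS:
            raise NavigationError(f"host of {tpl.url!r} is not an allowed resource")
        params = {}
        # Only declared locations are substituted; undeclared user fields are dropped.
        for name in tpl.user_fields:
            if name not in user_input:
                raise NavigationError(f"missing required field {name!r}")
            params[name] = str(user_input[name])
        for name in tpl.context_fields:
            params[name] = str(self.context[name])
        # Predefined values are applied last so they overwrite any user entry.
        for name, value in tpl.fixed.items():
            if name in user_input and user_input[name] != value:
                self.overridden.append((step, name))  # audit trail of overwritten entries
            params[name] = value
        # urlencode escapes every value, so input cannot add parameters or alter the URL.
        encoded = urlencode(sorted(params.items()))
        self.allowed = tpl.next_steps  # advance only after a successful merge
        if tpl.method == "GET":
            return (tpl.method, f"{tpl.url}?{encoded}", "")
        return (tpl.method, tpl.url, encoded)


def demo():
    """Walk the scripted path with constructed user input and return the requests."""
    pb = Playback(SCRIPT, {"department": "purchasing"})
    requests = [
        pb.merge("login", {}),
        pb.merge("catalog", {"query": "toner & ink"}),
        pb.merge("order", {"sku": "A-100", "quantity": 2,
                           "payment": "personal-card", "coupon": "x"}),
    ]
    return requests, pb.overridden


if __name__ == "__main__":
    for request in demo()[0]:
        print(request)
```

The overridden list gives the operator a record of every user entry the script replaced, which is worth logging alongside rejected out-of-path requests.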

FIG. 5B is a flow diagram of further steps in a method of controlling access and use 
of a client of a network resource. 

In block 520, context-specific response information is received from a network 
resource. In block 522, the generalized access/navigation script is accessed, and a response 
template corresponding to the context-specific response is obtained.

In block 524, context-specific information extracted from the response message is 
stored, for example, in database 206. This step enables the system to capture response 
information that is provided by network resource 210 for other use. 

Alternatively, as indicated by block 526, the context-specific response of the network 
resource 210 is modified as indicated by the generalized navigation script. In block 528, the
modified response is sent to the user view server. In block 530, the response is
communicated to the user. Thereafter, control may pass back to block 504 for processing 
another user request, or control may terminate as indicated by block 532, or control may be 
passed to another process or step. 

Thus, in one embodiment, when network resource 210 generates a message in 
response to a client request, the response message and any associated data are returned to the 
client through the navigation capture server 204 and User View Server 208 as proxies. 
Alternatively, the response message or its associated data are captured by the navigation 
capture server as specified by the access/navigation script 216. 

Using a system configured according to the description in this document, or a method 
as described in this document, a navigation capture server can record steps taken by an 
administrative user in navigating a network resource, edit the navigation information to make 
it more general, and post-link navigation scripts to a population of a plurality of users, 
through the User View Server. As a result, each user experiences a Web site in a controlled 
manner or with a uniform user interface based on the generalized script. Each user has a 
consistent view of the applications and information of the network resource and can navigate 
through the network resource only in the manner defined by the generalized script. At the 
same time, the user can request and receive specific information according to a particular, 
then-current need or project. 
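
As an added illustration, not part of the original specification, the following Python example shows one way the request-template merge of FIG. 5A and the response capture and modification of FIG. 5B could be enforced; it performs both the storing of block 524 and the modification of block 526 on the same response. The script contents, URL, parameter names, validation patterns and the dictionary standing in for database 206 are all hypothetical assumptions.

```python
import re
from urllib.parse import urlencode

# Constructed generalized script (hypothetical names, URL and fields).
# "fixed" values are enforced by the proxy; "slots" are the only places
# where context-specific client input may be merged, each with a pattern.
GENERALIZED_SCRIPT = {
    "search_catalog": {
        "request": {
            "method": "GET",
            "url": "https://supplier.example/catalog/search",
            "fixed": {"account": "ACME-PURCHASING", "view": "contract"},
            "slots": {"q": r"[A-Za-z0-9 \-]{1,64}", "page": r"[0-9]{1,3}"},
        },
        "response": {
            # Block 524: fields to extract and store.
            "capture": {"result_count": r"Results:\s*(\d+)"},
            # Block 526: markup to remove before the user sees the page.
            "strip": [r'<a href="/account/[^"]*">.*?</a>'],
        },
    },
}


class ScriptViolation(Exception):
    """Raised when a client request falls outside the generalized script."""


def build_request(action, context):
    """Merge client context into the request template for `action`."""
    step = GENERALIZED_SCRIPT.get(action)
    if step is None:
        raise ScriptViolation(f"action {action!r} is not in the script")
    tmpl = step["request"]
    params = dict(tmpl["fixed"])
    for name, value in context.items():
        pattern = tmpl["slots"].get(name)
        if pattern is None:
            # Covers both unknown parameters and attempts to override
            # a fixed value such as the enforced account identity.
            raise ScriptViolation(f"{name!r} is not a template slot")
        if not isinstance(value, str) or not re.fullmatch(pattern, value):
            raise ScriptViolation(f"value for {name!r} fails its pattern")
        params[name] = value
    return tmpl["method"], tmpl["url"] + "?" + urlencode(params)


def process_response(action, body, store):
    """Capture fields into `store`, then return the modified response."""
    tmpl = GENERALIZED_SCRIPT[action]["response"]
    for field, pattern in tmpl["capture"].items():
        match = re.search(pattern, body)
        if match:
            store.setdefault(action, {})[field] = match.group(1)
    for pattern in tmpl["strip"]:
        body = re.sub(pattern, "", body, flags=re.DOTALL)
    return body


if __name__ == "__main__":
    store = {}  # stand-in for database 206
    print(build_request("search_catalog", {"q": "laser toner", "page": "2"}))
    sample = ('Results: 12 <a href="/account/settings">My account</a> '
              '<a href="/item/7">Toner</a>')  # constructed response body
    print(process_response("search_catalog", sample, store), store)
```

Because client input can only land in declared slots, a request that names an action outside the script, adds an undeclared parameter, or tries to replace a fixed value is rejected before anything is sent to the network resource.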

The processes of FIG. 4A, FIG. 4B, FIG. 4C, FIG. 5A, and FIG. 5B may be carried out at
separate times with a significant time interval between each process, or in immediate 
succession, or in any other order or interval arrangement. Each process may be implemented 
in one or more computer programs, processes or routines executed by appropriate clients, 
servers, or other computer hardware. 

HARDWARE OVERVIEW

FIG. 6 is a block diagram that illustrates a computer system 600 upon which an 
embodiment of the invention may be implemented. 

Computer system 600 includes a bus 602 or other communication mechanism for 
communicating information, and a processor 604 coupled with bus 602 for processing
information. Computer system 600 also includes a main memory 606, such as a random 
access memory (RAM) or other dynamic storage device, coupled to bus 602 for storing 
information and instructions to be executed by processor 604. Main memory 606 also may 
be used for storing temporary variables or other intermediate information during execution of 
instructions to be executed by processor 604. Computer system 600 further includes a read
only memory (ROM) 608 or other static storage device coupled to bus 602 for storing static 
information and instructions for processor 604. A storage device 610, such as a magnetic 
disk or optical disk, is provided and coupled to bus 602 for storing information and 
instructions. 

Computer system 600 may be coupled via bus 602 to a display 612, such as a cathode
ray tube (CRT), for displaying information to a computer user. An input device 614,
including alphanumeric and other keys, is coupled to bus 602 for communicating information
and command selections to processor 604. Another type of user input device is cursor
control 616, such as a mouse, a trackball, or cursor direction keys for communicating
direction information and command selections to processor 604 and for controlling cursor
movement on display 612. This input device typically has two degrees of freedom in two
axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify
positions in a plane.

The invention is related to the use of computer system 600 for controlling use of a 
network resource. According to one embodiment of the invention, controlling use of a
network resource is implemented by computer system 600 in response to processor 604
executing one or more sequences of one or more instructions contained in main memory 606.
Such instructions may be read into main memory 606 from another computer-readable 
medium, such as storage device 610. Execution of the sequences of instructions contained in 
main memory 606 causes processor 604 to perform the process steps described herein. In 
alternative embodiments, hard-wired circuitry may be used in place of or in combination with
software instructions to implement the invention. Thus, embodiments of the invention are 
not limited to any specific combination of hardware circuitry and software. 

The term "computer-readable medium" as used herein refers to any medium that
participates in providing instructions to processor 604 for execution. Such a medium may
take many forms, including but not limited to, non-volatile media, volatile media, and
transmission media. Non-volatile media includes, for example, optical or magnetic disks,
such as storage device 610. Volatile media includes dynamic memory, such as main memory
606. Transmission media includes coaxial cables, copper wire and fiber optics, including the
wires that comprise bus 602. Transmission media can also take the form of acoustic or light
waves, such as those generated during radio wave and infrared data communications.

Common forms of computer-readable media include, for example, a floppy disk, a 
flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other 
optical medium, punchcards, papertape, any other physical medium with patterns of holes, a 
RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a
carrier wave as described hereinafter, or any other medium from which a computer can read.

Various forms of computer readable media may be involved in carrying one or more
sequences of one or more instructions to processor 604 for execution. For example, the
instructions may initially be carried on a magnetic disk of a remote computer. The remote
computer can load the instructions into its dynamic memory and send the instructions over a
telephone line using a modem. A modem local to computer system 600 can receive the data
on the telephone line and use an infra-red transmitter to convert the data to an infra-red
signal. An infra-red detector can receive the data carried in the infra-red signal and
appropriate circuitry can place the data on bus 602. Bus 602 carries the data to main memory
606, from which processor 604 retrieves and executes the instructions. The instructions
received by main memory 606 may optionally be stored on storage device 610 either before
or after execution by processor 604.

Computer system 600 also includes a communication interface 618 coupled to bus
602. Communication interface 618 provides a two-way data communication coupling to a
network link 620 that is connected to a local network 622. For example, communication
interface 618 may be an integrated services digital network (ISDN) card or a modem to
provide a data communication connection to a corresponding type of telephone line. As
another example, communication interface 618 may be a local area network (LAN) card to
provide a data communication connection to a compatible LAN. Wireless links may also be
implemented. In any such implementation, communication interface 618 sends and receives
electrical, electromagnetic or optical signals that carry digital data streams representing
various types of information.

Network link 620 typically provides data communication through one or more
networks to other data devices. For example, network link 620 may provide a connection
through local network 622 to a host computer 624 or to data equipment operated by an
Internet Service Provider (ISP) 626. ISP 626 in turn provides data communication services
through the world wide packet data communication network now commonly referred to as
the "Internet" 628. Local network 622 and Internet 628 both use electrical, electromagnetic
or optical signals that carry digital data streams. The signals through the various networks
and the signals on network link 620 and through communication interface 618, which carry
the digital data to and from computer system 600, are exemplary forms of carrier waves
transporting the information.

Computer system 600 can send messages and receive data, including program code,
through the network(s), network link 620 and communication interface 618. In the Internet
example, a server 630 might transmit a requested code for an application program through
Internet 628, ISP 626, local network 622 and communication interface 618. In accordance
with the invention, one such downloaded application implements controlling use of a
network resource.

The received code may be executed by processor 604 as it is received, and/or stored 
in storage device 610, or other non-volatile storage for later execution. In this manner, 
computer system 600 may obtain application code in the form of a carrier wave. 

SCOPE OF DISCLOSURE

In the foregoing specification, the invention has been described with reference to 
specific embodiments thereof. It will, however, be evident that various modifications and 
changes may be made thereto without departing from the broader spirit and scope of the 
invention. The specification and drawings are, accordingly, to be regarded in an illustrative
rather than a restrictive sense.

CLAIMS

What is claimed is: 



1. A method of controlling use of a network resource, comprising the steps of:
accessing and navigating the network resource;
detecting request and response messages that are generated during the navigating;
creating and storing an access and navigation script based on the request and response messages;
modifying the access and navigation script to result in creating and storing a generalized script that can accept context specific request and response information when used in an actual user navigation of the network resource.

2. A method as recited in Claim 1, further comprising the steps of creating and storing meta-information representing the request and response messages; creating and storing the access and navigation script based on the meta-information.

3. A method as recited in Claim 1, further comprising the steps of retrieving and analyzing the stored meta-information, and creating and storing the access and navigation script based on the meta-information.

4. A method as recited in Claim 1, further comprising the steps of creating one or more application programs that are associated with the generalized script; delivering services or information from the network resource through a user view server that is configured to execute the application programs under control of the generalized script and as a proxy for the network resource.

5. A method as recited in Claim 1, further comprising the steps of:
receiving a request from the client for use of a function or resource of the network resource;
accessing the generalized script to obtain a request template corresponding to the client request;
merging contemporaneous information that is specific to the client request into the request template to result in creating a context-specific request;
communicating the context-specific request to the network resource.



6. A method as recited in Claim 5, further comprising the steps of:
receiving a context-specific response from the network resource;
accessing the generalized script to obtain a response template corresponding to the context-specific response;
modifying the context-specific response according to the generalized script;
communicating the modified response to the client.

7. A method as recited in Claim 5, further comprising the steps of:
receiving a context-specific response from the network resource;
accessing the generalized script to obtain a response template corresponding to the context-specific response;
modifying the context-specific response according to the generalized script;
communicating the modified response to a user view server for subsequent communication to the client, whereby the client receives a view of the network resource that is controlled according to the generalized script.

8. A method of controlling use of a network resource, comprising the steps of:
creating and storing an access and navigation script based on requests and responses that are generated during a session of navigating the network resource;
modifying the access and navigation script to result in creating and storing a generalized script that can accept context specific request and response information;
receiving a request from the client for use of a function or resource of the network resource;
accessing the generalized script to obtain a request template corresponding to the client request;
merging contemporaneous information that is specific to the client request into the request template to result in creating a context-specific request;
communicating the context-specific request to the network resource.

9. A method as recited in Claim 8, further comprising the steps of:
receiving a context-specific response from the network resource;
accessing the generalized script to obtain a response template corresponding to the context-specific response;
modifying the context-specific response according to the generalized script;
communicating the modified response to the client.

10. A method as recited in Claim 8, further comprising the steps of:
receiving a context-specific response from the network resource;
accessing the generalized script to obtain a response template corresponding to the context-specific response;
modifying the context-specific response according to the generalized script;
communicating the modified response to a user view server for subsequent communication to the client, whereby the client receives a view of the network resource that is controlled according to the generalized script.

11. A method of controlling use of a Web site, comprising the steps of:
accessing and navigating the Web site using a browser associated with a network administrator or other authorized party;
detecting request and response messages that are generated by the Web site and the browser during the navigating;
creating and storing an access and navigation script based on the request and response messages;
modifying the access and navigation script to result in creating and storing a generalized script that can accept context specific request and response information when used in an actual user navigation of the Web site.

12. Apparatus for controlling use of a network resource, comprising:
a navigation capture server that can access a network resource and that is coupled to a data store;
a user view server coupled to the navigation capture server and to the data store;
instructions stored in association with the navigation capture server and user view server which, when executed by one or more processors of the navigation capture server or user view server, cause the one or more processors to carry out the steps of:
accessing and navigating the network resource;
detecting request and response messages that are generated during the navigating;
creating and storing an access and navigation script based on the request and response messages;
modifying the access and navigation script to result in creating and storing a generalized script that can accept context specific request and response information when used in an actual user navigation of the network resource.

13. Apparatus as recited in Claim 12, wherein the instructions further comprise instructions for carrying out the steps of creating and storing meta-information representing the request and response messages; creating and storing the access and navigation script based on the meta-information.

14. Apparatus as recited in Claim 12, wherein the instructions further comprise instructions for carrying out the steps of retrieving and analyzing the stored meta-information, and creating and storing the access and navigation script based on the meta-information.

15. Apparatus as recited in Claim 12, wherein the instructions further comprise instructions for carrying out the steps of creating one or more application programs that are associated with the generalized script; delivering services or information from the network resource through a user view server that is configured to execute the application programs under control of the generalized script and as a proxy for the network resource.

16. Apparatus as recited in Claim 12, wherein the instructions further comprise instructions for carrying out the steps of:
receiving a request from the client for use of a function or resource of the network resource;
accessing the generalized script to obtain a request template corresponding to the client request;
merging contemporaneous information that is specific to the client request into the request template to result in creating a context-specific request;
communicating the context-specific request to the network resource.

17. Apparatus as recited in Claim 16, wherein the instructions further comprise instructions for carrying out the steps of:
receiving a context-specific response from the network resource;
accessing the generalized script to obtain a response template corresponding to the context-specific response;
modifying the context-specific response according to the generalized script;
communicating the modified response to the client.

18. Apparatus as recited in Claim 16, wherein the instructions further comprise instructions for carrying out the steps of:
receiving a context-specific response from the network resource;
accessing the generalized script to obtain a response template corresponding to the context-specific response;
modifying the context-specific response according to the generalized script;
communicating the modified response to a user view server for subsequent communication to the client, whereby the client receives a view of the network resource that is controlled according to the generalized script.

19. Apparatus for controlling use of a network resource, comprising:
a navigation capture server that can access a network resource and that is coupled to a data store;
a user view server coupled to the navigation capture server and to the data store;
instructions stored in association with the navigation capture server and user view server which, when executed by one or more processors of the navigation capture server or user view server, cause the one or more processors to carry out the steps of:
creating and storing an access and navigation script based on requests and responses that are generated during a session of navigating the network resource;
modifying the access and navigation script to result in creating and storing a generalized script that can accept context specific request and response information;
receiving a request from the client for use of a function or resource of the network resource;
accessing the generalized script to obtain a request template corresponding to the client request;
merging contemporaneous information that is specific to the client request into the request template to result in creating a context-specific request;
communicating the context-specific request to the network resource.

20. A computer-readable medium carrying one or more sequences of instructions for controlling use of a network resource, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
accessing and navigating the network resource;
detecting request and response messages that are generated during the navigating;
creating and storing an access and navigation script based on the request and response messages;
modifying the access and navigation script to result in creating and storing a generalized script that can accept context specific request and response information when used in an actual user navigation of the network resource.

ABSTRACT OF THE DISCLOSURE

A method and apparatus for controlling use of a network resource. A network administrator
accesses and navigates one or more network resources. A navigation capture server captures
each request that is generated by the administrator's browser and each response that is
received, and stores information about the requests and responses. The navigation capture
server analyzes the captured information and generates an access/navigation script that
represents the navigation actions taken by the administrator in the session. The script is
edited and generalized in a manner such that upon playback of the script, the user may input
actual useful information and the system may capture specific response data. When the client
accesses and navigates the Web applications, context-specific information, relating to the
client's then-current request, is passed from the User View Server to the navigation capture
server. The navigation capture server merges the context-specific information into a
corresponding request of the access/navigation script, and communicates a modified,
context-specific request to the network resource. When the network resource generates a response,
the message and any associated data are returned to the client through the navigation capture
server and User View Server in a reciprocal manner. Thus, each user experiences a Web site
with a uniform user interface or in a controlled way.